Miragón

Privacy Notice

Miragon Investments (“Miragon” or “we”) is committed to protecting the security and privacy of data subjects’ (“you” or “your”) personal data when processing the same. Miragon endeavours to ensure that any personal data we collect about you will, where relevant, be held and processed in accordance with the European General Data Protection Regulation (“GDPR”) and associated national laws, rules and guidance in force in the United Kingdom from time to time.
2. Scope
2.1. This Privacy Notice demonstrates how we handle the personal data you provide to us, or which we collect about you, in the following ways (your “Data”):

  1. (a)  by you submitting Data to us through our website www.miragoninvestments.com or from what we learn about you from your visit to our website;
  2. (b)  by you or a third party (such as your employer) submitting information to us when you complete one of our surveys;
  3. (c)  by you or a third party (such as your employer) submitting Data to us in the course of us providing services to you or a third party (such as your employer);
  4. (d)  by you or a third party (such as your employer) submitting Data to us where we are seeking to obtain services from you or a third party (such as your employer) as a supplier/service provider;
  5. (e)  as a result of us using your Data (whether obtained from you, a third party or the public arena) to contact you about potential investment opportunities in connection with our appointment to provide advisory services to our clients;
  6. (f)  as a result of us collecting Data about you from third party sources such as Preqin, organisers of events we sponsor or other publicly available sources, such as your employer’s website; and
  7. (g)  as a result of you applying (directly or indirectly through a third party) to be employed by us.

3. Identity and contact details of data controller

  1. 3.1.  Where Miragon is not acting as a data processor, one of Miragon Investments Limited, Miragon Asset Management Limited or Miragon Capital Limited will be the controller of your Data. If you have a direct contractual relationship with Miragon, the relevant Miragon Group contractual counterparty will be your data controller. In all other circumstances, Miragon Investments Limited will be the data controller.
  2. 3.2.  Additionally, in certain circumstances, we may agree with our clients that both we and our clients will act as joint controllers or controllers in common in connection with the processing of Data (in particular of EU corporate finance contacts).
  3. 3.3.  If you are not clear about which Miragon Group entity is the controller of your Data or if you have any queries regarding this policy or complaints about our use of your Data, please contact us at info@miragoninv.com. If you would rather contact us by post, please use the following address:

Miragon Investments
50 Grosvenor Hill
Mayfair, London, W1K 3QT
FAO: Data Processing
4. What we use your Data for
4.1. The table in Schedule 1 to this Privacy Notice sets out the categories of your Data that we hold, the purposes for which we may process your Data and the legal basis for the processing.

  1. 4.2.  Any Group entity may use any of the following Data belonging to you for direct marketing purposes:
    1. (a)  name;
    2. (b)  telephone number(s);
    3. (c)  residential and/or correspondence addresses; and
    4. (d)  email address(es).
  2. 4.3.  Your Data may be used for the direct marketing of any of our products and services which at present include the provision of investment advisory services together with any related services that we may provide from time to time. You may decide whether or not to allow us to use your Data for direct marketing and may opt out of receiving any direct marketing communications from us either at the time at which the communication is received or at any other time by contacting us using the info@miragoninv.com email address.
  3. 4.4.  Your Data has been collected by us on a voluntary basis. If you do not wish for us to process your Data, please contact us using the details set out above. If we are unable to process your Data, we will not be able to involve you in any of our service activities as set out in paragraph 4.3 above.

5. Data security

  1. 5.1.  We have put in place appropriate security measures to prevent your Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Data to those individuals who have a business need to know.
  2. 5.2.  We have put in place procedures to deal with any suspected Data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

6. Who we share your Data with
6.1. We may on occasion be required to share your Data with the following categories of recipients:

  1. (a)  other Miragon Group entities as detailed above;
  2. (b)  third parties who provide services to us or on our behalf. A full list of all our third-party service providers that potentially have access to your Data is available on request.
  3. (c)  other Miragon Group clients and corporate finance contacts where this is necessary in connection with the performance by us of services to our clients;
  4. (d)  in other cases:
  1. (i)  where we are required to do so by law or enforceable request by a regulatory body;
  2. (ii)  where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; or
  3. (iii)  if we sell our business, go out of business, or merge with another business.

7. International Transfers
In certain circumstances, we may transfer your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the GDPR.

8. Retention Period

  1. 8.1.  We will only retain your Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, tax, regulatory or reporting requirements. To determine the appropriate retention period for your Data, we consider the amount, nature, and sensitivity of your Data, the potential risk of harm from unauthorised use or disclosure of your Data, the purposes for which we process your Data and whether we can achieve those purposes through other means, and the applicable legal requirements
  2. 8.2.  As a general rule this means that your Data will be stored for a maximum period of 6 years from the date on which our relationship with you ends, after which time it will be put ‘beyond use’ if it is no longer required for the lawful purpose(s) for which it was obtained.

9. Your rights in relation to your Data
9.1. Under the GDPR, you have the following rights in relation to how we process your Data:

  1. (a)  right to request access: you may obtain confirmation from us as to whether or not your Data is being processed and the kind of personal data held by us and, where that is the case, you may request access to your Data together with details of our policies and practices in relation to personal data;
  2. (b)  right to rectification and erasure: you have the right to obtain rectification of inaccurate Data we hold concerning you and to obtain the erasure of your Data without undue delay in certain circumstances;
  3. (c)  right to restriction of processing: you may require us to restrict the processing we carry out on your Data in certain circumstances;
  4. (d)  right to data portability: you have the right to receive your Data in a structured, commonly used and machine-readable format;
  5. (e)  right to withdraw consent and object to processing: where you have provided your consent to us processing your Data, you have the right to withdraw your consent at any time. Additionally, where we are relying on legitimate interests to process your Data you have the right to object to such processing. You also have the right to object to direct marketing which uses your Data. This can be done by emailing info@miragoninv.com at any time; and
  6. (f)  right to lodge a complaint: under GDPR you may lodge a complaint with any supervisory authority in the EU. The supervisory authority for the United Kingdom is the Information Commissioner’s Office.
  1. 9.2.  For further information on your rights under GDPR, please see the Information Commissioner’s website here.
  2. 9.3.  Please note that, in circumstances where you are seeking to exercise your rights as a data subject, we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that your Data is not disclosed to any person who does not have a right to receive it.

10. Additional Information

  1. 10.1.  Wedonotundertakeautomateddecision-makingorprofilingofyourData.
  2. 10.2.  Wekeepourdataprotectionpolicy(includingthisPrivacyNotice)underconstantreviewandmay change it from time to time to reflect our practices or to remain compliant with relevant legislation. We will notify you of any material changes to our Privacy Notice at which point you will be given the option to request that we cease processing your Data.

Schedule 1
Categories of data processed, purposes for processing and legal basis


Data subject

Categories of data

Purpose

Legal basis for processing

Applicants

Personal details
Family, lifestyle and social circumstances Financial details
Employment, training and education details Physical or mental health details
Racial or ethnic origin

Creation of employment relationships

Necessary obligations Legitimate interests Legal compliance Performance of contract Consent

Website users

Personal details

Direct marketing Responding to queries

Legitimate interests Consent

Targets

Personal details
Financial details
Employment, training and education details Goods and services provided

Client activities

Legitimate interests

Third party service and product providers

Personal details
Goods and services provided

Direct marketing
Client activities
Discharging contractual obligations

Legitimate interests Legal compliance

Corporate finance contacts

Personal details
Financial details
Employment, training and education details

Direct marketing Surveys
Client activities

Legitimate interests Consent

Clients

Goods and services provided

Performance of contract Legitimate interests Legal compliance Consent

Interpretation
Consent: in the context of the table above, should be construed as follows:

  1. (a)  Website users: consent given by the relevant user clicking on an ‘OK’ button embedded in a pop-up banner on the website covering the processing of Data using cookies;
  2. (b)  Corporate finance contacts: may cover consent to process Data under GDPR but is really aimed at consent to receive marketing communications under relevant marketing laws. Consent here will be by way of soft opt in which means that we may contact corporate finance contacts and give them the opportunity to opt out of receiving further communications; and
  3. (c)  Clients: consent given by our clients in our advisory appointments for us to process Data provided under such appointment;

Corporate finance contacts: Direct marketing:
Discharging contractual obligations: Client activities:
any data subject entered in our CRM Database that is not a client;
keeping data subjects informed of any activities undertaken by us which we believe may be of interest to the data subjects and this may include sending data subjects email and postal marketing from time to time, calling data subjects up or sending them requests to respond to a survey;
covers our activities in connection with the discharge of our obligations under a contract with a third-party supplier or service provider. This will principally cover the processing of any Data provided to and by the counterparty;
covers the day to day activities associated with our business which may involve:

  1. (a)  reviewing and evaluating investment opportunities and sharing target details (including individual names, personal and financial details, received from counterparties) within the Miragon Group, with interested clients and with associated service providers
  2. (b)  reviewing corporate finance contact Data and sharing details (such as individual names, organisation and location) within the Miragon Group, with clients and with associated service providers;
  3. (c)  contacting clients and corporate finance contacts by email and by telephone in order to present investment opportunities; and
  4. (d)  sharing client Data provided by clients (such as individual names, organisation and location) with corporate finance contacts in order to present client sponsored investment opportunities.

Legitimate interests:
Responding to queries:
in the context of our business means the day to day activities that are undertaken to service client work (i.e. providing advisory recommendations to clients and sourcing products and deals) together with any associated middle and back office support activities;
covers the processing of Data (name and email address) for the purposes of responding to any questions sent to us using the info@miragoninv.com email address which is presented on the website. In responding to queries, data subjects’ contact details will be stored and may be shared with other Miragon Group entities; and
Surveys: from time to time investors and potential investors’ details (name and contact details) will be used to send individual data subjects survey requests. Such requests are entirely optional and will contain further details of any processing
activities that we will be undertaken in connection with the Data provided.
Schedule 2 Legitimate interests

  1. Preventing fraud
  2. Direct marketing
  3. Intragroup transfers for administrative purposes
  4. Ensuring network and information security
  5. Reporting possible criminal acts to a competent authority
  6. Enforcement of legal claims (out of court)
  7. Whistleblowing and prevention of money laundering
  8. Physical, IT and network security
  9. Processing for (market) research purposes
  10. Processing in order to provide services
  11. Compliance
  12. Internal risk management
  13. Creating employment relationships
  14. Recordkeeping and disclosure
  15. General financial and regulatory reporting to authorities